CVE-2025-47711
Nbdkit: nbdkit-server: off-by-one error when processing block status may lead to a denial of service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.
Existe una falla en el servidor nbdkit al gestionar las respuestas de sus complementos sobre el estado de los bloques de datos. Si un cliente realiza una solicitud específica para un rango de datos muy grande y un complemento responde con un bloque aún mayor, el servidor nbdkit puede encontrar un error interno crítico que provoque una denegación de servicio.
These are all security issues fixed in the nbdkit-1.42.3-1.1 package on the GA media of openSUSE Tumbleweed.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2025-05-07 CVE Reserved
- 2025-05-20 CVE Published
- 2025-06-09 CVE Updated
- 2025-06-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-193: Off-by-one Error
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://access.redhat.com/security/cve/CVE-2025-47711 | Vdb Entry | |
https://bugzilla.redhat.com/show_bug.cgi?id=2365687 | Issue Tracking |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Red Hat Search vendor "Red Hat" | Enterprise Linux Search vendor "Red Hat" for product "Enterprise Linux" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Advanced Virtualization Search vendor "Redhat" for product "Advanced Virtualization" | * | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | * | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | * | - |
Affected
|